Omar Polo <o...@openbsd.org> [2021-12-10, 15:13 +0100]: > Stuart Henderson <s...@spacehopper.org> writes: > >> On 2021/12/10 09:50, Omar Polo wrote: >>> Timo Myyrä <timo.my...@bittivirhe.fi> writes: >>> >>> > Hi, >>> > >>> > Pekwm got new minor release containing fixes. It adds a new >>> > configuration option which allows us to remove local doc patch. With >>> > quick test >>> > seems to be working ok here on amd64. > > Thanks, committed! > >>> [...] >>> >>> Just one curiosity, now there are only two remaining patches and they're >>> both for pledge, has anybody tried to upstream those? They seem in a >>> good shape for being merged, but I don't see anything on github. I'm >>> missing some bit of history here? >> >> personally I prefer it if pledge patches aren't upstreamed unless >> upstream is actively running and testing with OpenBSD, we can easily >> end up in the situation like with i3 where we have to patch to remove >> them again. > > I didn't know about the i3 case, I agree completely then. The two > patches are also small and not a burden. > > (also, if upstream is actively running and testing with OpenBSD chances > are that we don't need to add pledge patches in the first place ;-)
I'm not too keen on sending the pledge support upstream as it is now. I haven't done any deep analysis on the pledge, just thought a reasonable set of privileges it needs and slapped that around the main loop and tested it still worked. I was mostly interested on limiting the networking stuff away. I think a more in-depth pledging would be needed for it to be upstreamed and it should be monitored and updated as development goes on. Timo
